Accepting credit cards for payment is a common business practice some lawyers avoid because they are fearful of the ethical implications. The process can be intimidating, unless you know the answers to some common questions:
Q: Can I accept payments by credit card?
A: Yes. However, carefully review OSB Legal Ethics Opinion No. 2005-172. If the bank requires that you designate a single merchant account for all credit card transactions and you accept credit card payments for earned and unearned fees, your merchant account should be a trust account.
Q. If credit card payments for earned fees are deposited into my trust account, how do I avoid commingling?
A: Promptly transfer those funds into your business account (once the credit card transaction has cleared the bank).
Q: Who pays the credit card merchant fee?
A: Merchant fees or other credit card charges deducted from the trust account are the lawyer’s responsibility. The lawyer must ensure that sufficient funds are deposited or transferred into the trust account in a timely manner to cover these expenses. OSB Legal Ethics Opinion No. 2005-172. Passing the merchant fee on to the client or crediting the client for the net amount of the transaction only, even if the client agrees, may implicate Regulation Z of the Truth in Lending Act, 12 CFR §226. As a result, you may be compelled to offer cash discounts to all clients and make specified disclosures to your clients who pay by credit card. See CONSUMER LAW IN OREGON ch 14 (Oregon CLE 1996 & Supp 2000).
Q: Can I designate my business account as my merchant account if I accept credit card payments for earned fees only?
A: Yes. This is a good approach if you want to spare yourself the extra bookkeeping involved in transferring funds and covering bank fees. See the answer to the next question for another alternative.
Q: Are there any other choices? I don’t want merchant fees taken out of my lawyer trust account and I don’t want the hassle of reimbursing them either.
A: Yes and No. In all likelihood, your bank will not be able to offer an agreeable alternative. Most are stuck in lock-step when it comes to merchant accounts. The solution is to give your credit card business to a private processor who can offer more flexibility in terms. One option is Beacon Processing. Beacon works exclusively with physicians and lawyers. Processing fees are always assessed against your general account, not the lawyer trust account. Payments can be deposited into either, based on whether they are earned or not. This flexibility represents the best of both worlds – you control where each deposit goes and client money is never touched to pay credit card transaction fees. If your bar association has partnered with Affiniscape, you may have access to a Law Firm Merchant Account program which operates in the same way. Oregon’s Multnomah Bar Association offers this affinity program to it’s members. Note: This is not a paid endorsement of Beacon Processing or Affiniscape/Law Firm Merchant Account. These vendors are only two of the many private credit card processing companies. Practitioners should conduct their own research when selecting a private credit card processor.
Q: What happens if a client disputes a fee paid by credit card?
A: If a client disputes a fee paid by credit card, the credit card company will “charge back” the payment against the account to which it was originally credited. This means the disputed funds will be deducted from the your account and given back to the client. If the charge back is against the trust account and you have already withdrawn the credit card payment as an earned fee, other clients’ money may be at risk. You are ethically bound to ensure that any charge backs which jeopardize other client funds in trust are promptly covered with your own funds. OSB Legal Ethics Opinion No. 2005-172.
Q: Can I enter into a written fee agreement that allows me to charge the client’s credit card for the balance due?
A: Yes. Your agreement should carefully spell out the conditions under which you are authorized to charge the client’s credit card. For example, your agreement may permit you to charge the client’s credit card for the full amount invoiced as soon as a bill is rendered or only if payment by check is not received within a certain time period.
Q: Are there any other steps I should take before processing the client’s credit card for payment?
A: Yes. Ask the client to complete a credit card authorization form. The form should gather the following information:
- Client Name
- Type of Card (Visa or MasterCard)
- Credit Card Number
- Expiration Date
- Name as it Appears on Card
- Company Name on Card (if applicable)
- Credit Card Billing Address
- Telephone, Fax, and E-mail
- Client’s Signature below the following statement:
This authorization is given subject to the terms of the attached Fee Agreement which are incorporated by reference herein.
By signing this authorization, I acknowledge that I have read and agree to all of the above information and warrant all information given is true.
Protect this information from potential identity theft, as you would other personal identifying information belonging to the client. See Protect Client Information from Identity Theft in the August 2008 issue of the In Brief, available on the PLF Web site.
Q: Do you have a sample fee agreement or credit card authorization form?
A: Yes. A sample Fee Agreement and Authorization to Charge Credit Card with accompanying Credit Card Payment Authorization Form is available on the PLF Web site. Select Practice Aids and Forms, then Engagement Letters.
For more information on accepting debit or credit cards in your business, see Credit and Debit Cards: To Accept or Not to Accept from Business.Gov.
Copyright Beverly Michaelis 2009
POSTSCRIPT 2013 –
Be sure you comply with PCI (Payment Card Industry) e-commerce guidelines. For recurring payments, these include:
“You must follow the terms of your merchant agreement. Most merchant agreements require you to have original signed standing authorizations from credit card holders. This bit of signed paper will help you if the customer challenges your charges.
It is best practice to encrypt credit card numbers. This as a mandatory requirement in the PCI guidelines.
Limit the term of the recurring payment to no more than one year, particularly if you have “Card holder not present” (CNP) transactions.
Expunge the credit card details as soon as the agreement is finished.
The problem with encryption is that you must be able to decrypt the data later on in the business process. When choosing a method to store cards in an encrypted form, remember there is no reason why the front-end web server needs to be able to decrypt them. Database-layer column or table level encryption is considered best practice.”